Here are a few collected ways I like to customize Ubuntu 22.04 servers. I used to love Ubuntu, but I hate auto updates and snaps. They also put ads and other usless ads diguised as "news" in MOTD. ESM FUD is spread throughout the OS including simple apt functions. You do not need ESM and thus Ubuntu 22.04 has become super annoying. unattended-upgrade is an automatic installation of security (and other) upgrades without user intervention. Consider the ramifications of disabling this service.
The Unattended Upgrades feature is enabled by default and it runs at system boot without the user's permission. The configuration is stored in /etc/apt/apt.conf.d/20auto-upgrades
Disable:
sudo dpkg-reconfigure unattended-upgrades then a TUI will come up, select "No"
This will not permantently disable the function. After an update it will be enabled. In the file /etc/apt/apt.conf.d/20auto-upgrades change these values from 1 to 0. Even doing this it will come back again after an update. This file will look different depending on how your system is configured.
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
The best course of action is to remove it entirely.
Uninstall the unattended-packages package... sudo apt remove unattended-upgrades
Even then it will come back from an apt upgrade/update. Even uninstalling this, it will come back again. There are also some cron jobs.
sudo systemctl disable apt-daily-upgrade.timer
sudo systemctl mask apt-daily-upgrade.service
sudo systemctl disable apt-daily.timer
sudo systemctl mask apt-daily.service
The MOTD is polluted with ads about ESM. Thanks Ubuntu marketing dept. They look something like this...
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Ubuntu marketing department also injects stuff into aot commands. This only disables news from within the apt cli
sudo pro config set apt_news=false
You will still need to uninstall to completely remove it.
sudo apt remove ubuntu-advantage-tools
sudo ln -s -f /dev/null /etc/apt/apt.conf.d/20apt-esm-hook.conf
sudo sed -i'' -e 's/^\(\s\+\)\([^#]\)/\1# \2/' /etc/apt/apt.conf.d/20apt-esm-hook.conf
sudo mv -v /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf-$(date +%Y%m%d)
or
sudo mv -v /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf.disabled
sudo touch /etc/apt/apt.conf.d/20apt-esm-hook.conf
apt-get --assume-yes --purge remove ubuntu-advantage-tools
You can mask the service units from systemd:
sudo systemctl mask apt-news.service
sudo systemctl mask esm-cache.service
Disable the ESM hook using dpkg-divert. In 22.04 the --rename option is the default and therefore optional. I think this method is preferred:
sudo dpkg-divert --rename --divert /etc/apt/apt.conf.d/20apt-esm-hook.conf.disabled --add /etc/apt/apt.conf.d/20apt-esm-hook.conf
or just disable the service. Not sure how reliable this is.
sudo systemctl disable ubuntu-advantage
/etc/default/motd-news FROM: ENABLED=1 TO: ENABLED=0
or touch $HOME/.hushlogin to completely disable everything after login. I personally do not like this option, instead you can comment out the following in /etc/pam.d/login:
#session optional pam_motd.so motd=/run/motd.dynamic
#session optional pam_motd.so noupdate
sudo chmod -x -v /etc/update-motd.d/*
I like seeing the load, updates available, and network interfaces. So you may want to keep them enabled:
sudo chmod +x -v /etc/update-motd.d/90-updates-available
sudo chmod +x -v /etc/update-motd.d/50-landscape-sysinfo
Taken from: https://askubuntu.com/a/1456185
These messages are defined in /usr/lib/update-notifier/apt_check.py with no flags to disable them.
Here's a sed command that will neuter the functions that generate the messages by inserting a return statement as the first line of the message function:
sudo sed -Ezi.orig \
-e 's/(def _output_esm_service_status.outstream, have_esm_service, service_type.:\n)/\1 return\n/'\
-e 's/(def _output_esm_package_alert.*?\n.*?\n.:\n)/\1 return\n/'\
/usr/lib/update-notifier/apt_check.py
Before...
/usr/lib/update-notifier/apt_check.py --human-readable
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
After...
$ /usr/lib/update-notifier/apt_check.py --human-readable
1 update can be applied immediately.
To see these additional updates run: apt list --upgradable
sudo /usr/lib/update-notifier/update-motd-updates-available --force
Go as far as you like with disable and removal. Snaps are a big mess on your system. I have never figured out a method to prevent installation of snaps during OS install.
Stop snapd services
sudo systemctl stop snapd.service
sudo systemctl stop snapd.socket
sudo systemctl mask snapd.service
sudo systemctl mask snapd.socket
Purge snapd
sudo apt purge --auto-remove snapd
Remove no longer needed folders
rm -rfv ~/snap
sudo rm -rfv /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd /root/snap
Block snaps in the hosts file
sudo echo "127.0.0.1 api.snapcraft.io" >> /etc/hosts
Remove specific snap apps. The list may vary.
snap list # This will create a list of installed snap apps.
sudo snap remove snap-store
sudo snap remove gtk-common-themes
sudo snap remove gnome-3-28-1804
sudo snap remove gnome-3-34-1804
sudo snap remove core18
sudo snap remove snapd
snap list # You should expect: No snaps are installed yet. Try 'snap install hello-world'.
Unmount the snapd filesystem
sudo umount /run/snap/ns
Disable the service and socket
sudo systemctl disable snapd.service
sudo systemctl disable snapd.socket
sudo systemctl disable snapd.seeded.service
sudo systemctl disable snapd.autoimport.service
sudo systemctl disable snapd.apparmor.service
Apparmor config for snaps can be removed
sudo rm -rfv /etc/apparmor.d/usr.lib.snapd.snap-confine.real
Restart the apparmor service
sudo systemctl start apparmor.service
Cleanup the filesystem trash left around from snaps. Your list might vary. Less safe version is first.
# df | grep snap | awk {'print "sudo umount " $6'}
sudo umount /snap/chromium/1424
sudo umount /snap/gtk-common-themes/1514
sudo umount /snap/gnome-3-28-1804/145
sudo umount /snap/core18/1944
sudo umount /snap/snapd/10492
sudo umount /var/snap
gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'
sudo snap remove --purge firefox
sudo add-apt-repository ppa:mozillateam/ppa
sudo apt install -t 'o=LP-PPA-mozillateam' firefox
sudo cat > /etc/apt/preferences.d/mozillateamppa << 'EOL'
Package: firefox*
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 501
EOL
Read about phased updates. https://help.ubuntu.com/community/PhasedUpdates Generally you shouldn't need to disable this unless you are trying to test specific versions of packages.
If you accidentally installed the snapd version of docker (like I did), it can be problematic. This build can only access files in the home directory. Read more about why here: https://snapcraft.io/install/docker/ubuntu and click the "Show more" button. I'm not sure why this information is hidden.
sudo snap remove docker --purge
sudo apt-get remove docker docker-engine docker.io containerd runc
The Docker install guide (link below) also says to:
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
sudo apt-get remove $pkg
done
You may want to also uninstall the Docker engine installed by the Ubuntu installer. How to is here: https://docs.docker.com/engine/install/ubuntu/#uninstall-docker-engine This is the install guide you should follow: https://docs.docker.com/engine/install/ubuntu/
Are there any advantages of Ubuntu over Debian 2023 anyways? Back at the Ubuntu's beginning Debian had no build with proprietary firmware and was harder to install. Now I don't really see the point of Ubuntu (if you are not a commercial user).